Tài liệu MCSA 70-290 p 14

Trang 1

70-290 Tài liệu dành cho học viên

MODULE 9: QUẢN LÝ MÔI TRƯỜNG NGƯỜI DUNG BANG CHINH

SÁCH NHÓM Bài (tập I Tạo đối tượng chính sách nhóm

Tao GPO và liên kêt tới OU Acapulco

“4 Active Directory Users and Computers _

4 tk Action View ae Help

° > | Ole) oe St XÃ Amada

+ ?S Saved Queries

Dae msft To improve Group Policy management, upgrade to the Group Policy

: ata SIC EDUPATION CORPORATION

= Domain Controllers

co 2a ee

roperties

Group Pobsy Obie Links |_No Override Disabled |

System Group Policy Objects higher in the list have the highest priiy

" This fist obtained from: LONDON-DC rwstraders msft

Options | Delete | Properties | Down

Chon nút New để vừa tạo mới vừa liên kết tới OU Acapulco

—

To improve Group Policy management, upgrade to the Group Policy Management Console (GPMC)

is Current Group Policy Object Links for Acapulco

Bioue Posey Object Links |_No Override | Disabled |

OH — Standard Desktop 2 ”

Group Policy Objects higher in the list have the highest priority

This list obtained from: LONDON-DC.nwtraders msft

——

| 6 J mì |

Options | Delete | Properties | Bow

I” Block Policy inheritance

Vao the Security trong peoperties cua GPO vura moi tao ra

Trang 2

Rcapulco Standard Desktop 2 Properties _?|x

General] Links ( Secly }/MI Fâet|

: CREATOR OWNER

€22 Domain Admins (NWTRADERS\Domain Admins) (7 Enterprise Admins (NWTRADERS\Enterprise Admins) (2 ENTERPRISE DOMAIN CONTROLLERS

om AAO Teese

= a a

Permissions for Authenticated Users Allow

oO

n

Create All Child Objects Delete All Child Objects Apply Group Policy For special permissions ot for advanced settings, click Advanced

nnnnnnlš 1# ———-kj

Xóa bỏ nhóm authenticated users, đưa nhóm G Nwtraders Marketing Personnel vào ACL-

từ chôi áp dụng GPO

?Í x capulco Standard Desktop 2 ProperHes

General | Links Security | WMI Fiter |

VSIC EDUCATION CORPORATION

€B Domain Admins (NWTRADERS Domain Admins} ^Í

€F Enterprise Admins (NWTRADERS Enterprise Admins)

EP ENTER

G NWTRADERS Marketing Personnel (NWTRADERS\G NWTRi

Add | Remove | Permissions for G NWTRADERS

Create All Child Objects oO oO

Delete All Child Objects O O

<Bpply Group Policy nm #-

Special Petmissions oO 1 s

For special permissions or for advanced settings, anced

Click Edit dé vao group policy editor céu hinh cho GPO

Trang 3

Beneral | Managed By | Object | Security] COM C Group Policy |

si Current Group Policy Object Links for Acapulco

| Group Policy Object Links | No Override Disabled |

; Š aria ¥v

Group Pokey Objects higher in the list have the highest prionty

This list obtained from: LONDON-DC nwtraders msft

`

New | Ad |[ E# ur |

Options | Delsde | `Eepemế | Down |

Chọn thiết lap ngan chan vao cac tng dung 16-bit

‘jn Group Policy Object Editor File Action View Help

e — €81e

7 9Sie-EOWEKTION-COREORATION

+) J Software Settings

0) Windows Settings |W Prevent access to 16-bit applications

#)- J Administrative Templates

©) 2 User Configuration

+) J Software Settings Not ed ) ) Windows Settings

=} Administrative Templates

& ) windows Explorer

*) (5) Microsoft Managem

Bo nut Search khoi Windows Explorer

Trang 4

« AG |e

Computer Configuration

8 — Software Settings

o £ ie cnc

&) 3) Software Settings

QJ Windows Settings

=) Administrative Templates

=) J Windows Components

J NetMeeting

= 'YSIG EDUCATIO

Remove Search button from Windows Explore

ION ‘CORPORATION emove Search button from Windows

-] Internet Explorer Application Compat

Xoa bod thé Hardware khoi Windows Explorer

Fle Action View Help

«+ |Gal#8ie2 VSIC EDUCATION CORPORATION

® (5) Administrative Templates

G 2 User Configuration

& Dy Windows Settings

= J Administrative Templates

=) (3) windows Components

&) 3) NetMeeting

4) CC] Internet Explorer

Teen Kon ff6siseFsvixe

ij Remove “Map Network Drive” and “Discorexect Netweork: Drive”

id Remove Search button from Windows Explorer

Sd Remove Windows Explorer's default context menu

4 Hides the Manage Rem on the Windows Explorer context menu

24d Allow only per user or approved shel extensions

#44 Do mot track Shel shortcuts during roaming prob Eat

k2 Mkrosoft Console f simile Lite anes eobeai aniuadiaen alll Nol

Xoá bỏ các liên kếtvà quyên truy cập vào Windows Update

0) (x2 Policy Object Editor

Fle Action ew Help

= QJ Computer Configuration

i) () Software Settings

& QJ Windows Settings

@) (3) Administrative Templates

=) G2 User Configuration

&) (3) Software Settings

&) QJ Windows Settings

=} 4 Administrative Templates

+ ae aicueae

() Shared Folders

J) Acapulco Standard Desktop 2 [LONDON-DC nwtraders.msft] P

Xoa bé Network Connections khoi Start Menu

Trang 5

ch oup Policy Object Editor

Ble action View Help

Acapuico Standard Desktop 2 [LONDON-OC nwtraders.msft] P

= GB) computer Configuration Remove user's folders from the Start Menu eer

Gy Software Settings Remove links and access to Windows Update Enabled

Remove common program groups from Start Menu Not configured Remove My Documerts kon from Start Menu Not configured

"M Remove Documents menu from Start Meru Not corfigured

i Remove Search menu from Start Menu

4 Remove Help sven From Start Monts

Gỡ bỏ Run khoi Start Menu

ø Group Policy Object Editor Lt

Ble Aetion Yew Help

«+» em #f eg

PWR EEE Wiveikr 4&

= BB Computer Configuration Remove user's folders fron the Start Mere Not configured

Gy Software Settings Remove links and access to Windows Update Enabled

& y Windows Settings Remove comenon prog am groups from Start Menu Not corfigured

% Cy Admirestrative Templates Remove My Documents icon from Start Menu Not configured

= 2 User Configuration Remove Documents menu from Start Menu Not configured

= yas ease Remove Network Connections from Start Menu Enabled

8 Remove Favorftes ren Írom Street Menu Not corfig red

Remove Search menu from Start Menu Not configured

WW Remove Hekr mar FEN St TR:

Cc

“23 Start Meru and Taskbar =)

(&¡ +3 Contr

1 Chu «A24 Eallazz

Bài tập 2 Tạo đối tượng chính sách nhóm cho việc chuyển hướng thư mục

Vao Properties cua OU users dé tao GPO

Trang 6

e+ 8ml # ® Xr#fAf4 ®@ 0Ø

<2 Active Directory LIsers and Computer Users 7 objects

° 3fN€EBIIEATION C{BBOBATION—

+) Computers

T mploy:

+) Domain Controllers So + vn (4) C~] ForeignSecurityPrincipals © ax : :

œ Acapulco

® @œ Computers ® Acapulco_User

&)-) Lostiind Delegate Control

+) NTDs Quote Moye

(5) ProgramDa Ffnd

(+) (5) System

New Window from Here Cut

Delete

Rename Refresh

|

pens property sheet

Chọn nút New và nhập tên cho GPO

General] Managed By | Object | Secunty | coms Group Pole)

a) Current Group Pokey Object Links for Users

[ Group Policy Object Links | No Override | Disabled |

& [Acapulco Accouting Folder Redirectior! }

Group Policy Objects higher in the list have the highest pnority

This list obtained from: LONDON-DC rmvtraders msft

a

Options | Delete | Properties | Down |

Xoá bỏ nhóm Authenticated Users

Trang 7

General] Managed By | Object | Security | COM+ Group Policy |

Ie epee ee ttee | ey Bis nosey, teers a Ne INET ORS Ô | [Dercvbons_

#8 Enterprise Admins (NWTRADERS\Enterprise Admins)

# ENTERPRISE DOMAIN CONTROLLERS

- TAO Trae

Group Policy Objects high

This list obtained from: LO

_ 0plen | Dạ | ead oO i

Acapulco Accouting Folder Redirection Propert

ˆ«.nMSIC.EDUCATION CORPORATION

| ae Groups, or Built-in security principals

T575)

Si

XS ilEne |

Cho Full Control

Trang 8

capulco Accouting Folder Redirection Properties

General | Links Security | WMI Fiter |

Vals BRUCA ION CORPORATION

€B Enterprise Admins NWT PADERS\Entenyiee Adkins (72 ENTERPRISE DOMAIN CONTROLLERS

ee - OTs xị

Permissions for DL NWTRADERS Accounting Personnel

Full Control Read Write Create All Child Objects Delete All Child Objects

Apply Group Policy For special permissions ot for advanced settings, Advanced

weaa

oooooo|? le

Click OK chon ntt edit

Chon properties>chon Basic, chi duéng.dan toi thu muc share chtra thu muc My Documents

lìn Broup Policy 0bject Editor

Ble Action Yew Hẹp VSIC EDUCATION RPORATION

+ mm #f3 @

35 Acapulco Accouting Folder Redireci My Documents ProperHes

— =

5) Computer Configuration Teaget | Setings |

+ixI

(2) Software Settings ats?

4= ata ‘You can specify the location of the My Documents folder,

#) (J Administrative Templates

S cất Lser Confiauration a

i) (2 Software Settings Setting: /| Basic - Redirect everyone's folder to the same location *|

=) Windows Settings ; ; =

#1, Remote Installation Se: Thisfokler redirected to the specified location

(SJ Scripts (LogonjLogoff)

%\ BỘ Security Settings

=) Folder Redirection

(5) Application Data ~ Target folder location

| Create a folder for each user under the root path zi

(59 Start Menu aot : =

si ra Internet Explorer Main! = :

#' (CÑ Administrative Templates |\\London-deVAccounting —

For user Clair, this folder vall be redirected to:

Vao thé Settings

Trang 9

My Documents Properties

=C UCATION CORPORATION

Select the redirection settings for

Bik

~ Policy Removal

Sener the folder back othe local usepofe location `

Fˆ Mỹ PIefiItes F!£f£rerrz£s

@ Make My Pic

tures 4 subtoldet of My Documerts

y admmstrative policy for My Pictures

Cancel | Appy _

Bai tap 3 Tao GPO cho cac may laptops

Click phai OU Laptops > Properties >thé Group Policy nut New nhập tên cho GPO

& Active Directory Users and Computers

<2 Fle Action View Window Help

- ~|O0|% @ xX ¢ Sa 2x

‹ Active Directory Users and Computer

+) (3) Saved Queries

S „ nwtraders.msft

#'- CS) Buftin

&j C~] Computers

#' (ð] Domain Controllers

) (3) ForeignSecurityPrincipals

= (2l Locations

= sJ Acapulco

#3 CS] LostAndFound

(J NTDS Quotes

(J Program Data

) 23) System

C1 Users

General] Managed By| Object| Security] COM+ Group Policy |

VSIC EDUCATION CORPORATION or

sẽ Current Group Polcy Object Links for Laptops

_No Overide Disabled

Group Policy Objects higher in the list have the highest prionty

This list obtained from: LONDON-DC_nwtraders.msft BSS

_Ñplns | Delete | Properties

| Down |

Trang 10

Chọn setting nhắc øõ mật khâu khi tro lai tir Hibernate

ag

« Group Policy Object Editor

Ble Action Yew Hep

e7|\08 @f3 @

SS Acopuko Laptop Settings [LONDOF

= Bh Computer Configuration

& QQ Software Settings

+) (3) Windows Settings

= (5) Administrative Templates

QB) Windows Components

Dy Sart Menu and Taskbe

& Gy Desktop

($¡ CC] Control Panel

Dy Srared Folders

Gy Network

=) CC] Systen

J} User Profiles

Cũ scrips

S) Cire ak+Del Optio

Bogen

Prompt for password on resume from hibernate /

Deploy Properties

Requremerts:

At least Microsoft Windows XP Professional or Windows Server 2003

wen WSIC EDUCATION CORPORATION

This settings allows you to configure chert computers to always lock when recurring from a hibernate or suspend

If you enable this setting, the chant coenputer ts locked when & & resumed from a suspend ce hibernate state

If you disable or do not configure this setting, users can decide ff their computer is automatically locked or not

J Group Pode

Diora ea

Chon enabled >OK

after performing a resume operation

“vn Group Policy Object Editor

Fie Action View Help

+ |8 m g¢B\e

= G2 User Configuration

4ì C~] Network

E\ C~] 5ystem

©) Legon

®+

Prompt for password on resume from hibernate / suspend "Xã x

(2) Software Settings

#)- Windows Settings

(2) Administrative Templates

%¡ 3) Software Settings

=) 2) Administrative Templates

=) (3) Windows Components

(5) Start Menu and

&) (3) Desktop VS

QJ Control P

(5) Shared Folders

(5) User Profiles CC] Ctrl Alt+Del Optio rove nn

[W Prompt for password on resume from hibemate / suspend

Not

T

IC EDUCATION CORPORATION

Supported or: At least Microsoft Windows XP Professional or Windo

|

[L_]_ œ= |_ mm |

à

Previous Setting | Next Setting

Network offline files >déng bộ hóa mọi Offline files khi log on

Trang 11

s 6roup Poltcy ØbJect Editor

File Action Yiew Help

« + &mirffä @

35 Acapulco Laptop Settings [LONDOR

S42) Computer Configuration

& QJ windows Settings

_=—-_—_._ SẼ “NNG

Synchronize all offline files when logging on Properties

_ J¥Ste-EDUCATION CORPORATION

QJ Control Panel

a Shared Folders

Supported on: At least Microsoft Windows 2000

Previous Setting | NewSetng |

Va enable đông bộ hóa khi log off

ig Group Policy Object Editor

File Action View Help

œ + &m r#f e VSIC EDUCATION CORPORATION

4 Acapuico Laptop Settings [LONDO

+) (2) Software Settings

) J Windows Settings

=} 42 User Configuration

) J) Software Settings

+) QJ Windows Settings

Bài tập 4 Tạo GPO cho các máy tính để bàn

Vao properties cua Ou Desktops dé tao GPO

}- {3} Computer Configuration ` Prob user B09) cÝ Offline Files Not Tin ng

i) (5) Administrative Templates Bo “je - Properties

Administratively assigned offline files Not configured Turn off reminder balloons Not configured

Reminder balloon frequency Not configured Initial reminder balloon lifetime Not configured

Reminder balloon lifetime Not configured

Prohibit ‘Make Available Offline’ for these file and folders Not configured

Do not automatically make redirected folders available offline Not configured

Tiêu đề	Tạo đối tượng chính sách nhóm và liên kết tới OU Acapulco
Thể loại	Tài liệu

Định dạng
Số trang	11
Dung lượng	2,25 MB